2014-12-07 18:27:14 +00:00
|
|
|
<?php
|
2016-08-01 01:08:41 +00:00
|
|
|
|
2022-02-16 04:08:28 +00:00
|
|
|
use Code\Access\Permissions;
|
|
|
|
use Code\Access\PermissionLimits;
|
|
|
|
use Code\Extend\Hook;
|
2019-08-06 22:24:30 +00:00
|
|
|
|
2016-08-01 01:08:41 +00:00
|
|
|
require_once('include/security.php');
|
|
|
|
|
2014-12-07 18:27:14 +00:00
|
|
|
/**
|
2015-03-21 23:06:08 +00:00
|
|
|
* @file include/permissions.php
|
2014-12-07 18:27:14 +00:00
|
|
|
*
|
2022-02-18 22:14:22 +00:00
|
|
|
* This file contains functions to check and work with permissions.
|
2021-12-03 03:01:39 +00:00
|
|
|
*
|
2014-12-07 18:27:14 +00:00
|
|
|
*/
|
2012-10-29 01:50:35 +00:00
|
|
|
|
2016-09-01 03:29:32 +00:00
|
|
|
|
|
|
|
|
2012-10-29 05:08:08 +00:00
|
|
|
/**
|
2013-01-24 22:31:57 +00:00
|
|
|
* get_all_perms($uid,$observer_xchan)
|
2012-10-29 05:08:08 +00:00
|
|
|
*
|
2014-12-07 18:27:14 +00:00
|
|
|
* @param int $uid The channel_id associated with the resource owner
|
|
|
|
* @param string $observer_xchan The xchan_hash representing the observer
|
2018-07-31 00:41:37 +00:00
|
|
|
* if false, bypass check for "Block Public" on the site
|
|
|
|
* @param bool $default_ignored (default true)
|
|
|
|
* if false, lie and pretend the ignored person has permissions you are ignoring (used in channel discovery)
|
2012-10-29 05:08:08 +00:00
|
|
|
*
|
2014-12-07 18:27:14 +00:00
|
|
|
* @returns array of all permissions, key is permission name, value is true or false
|
2012-10-29 05:08:08 +00:00
|
|
|
*/
|
2022-11-20 05:28:50 +00:00
|
|
|
function get_all_perms($uid, $observer_xchan, $default_ignored = true)
|
2021-12-03 03:01:39 +00:00
|
|
|
{
|
2012-10-29 01:50:35 +00:00
|
|
|
|
2021-12-03 03:01:39 +00:00
|
|
|
$api = App::get_oauth_key();
|
|
|
|
if ($api) {
|
|
|
|
return get_all_api_perms($uid, $api);
|
|
|
|
}
|
2012-10-29 01:50:35 +00:00
|
|
|
|
2021-12-03 03:01:39 +00:00
|
|
|
$global_perms = Permissions::Perms();
|
2012-10-29 01:50:35 +00:00
|
|
|
|
2021-12-03 03:01:39 +00:00
|
|
|
// Save lots of individual lookups
|
2012-10-29 01:50:35 +00:00
|
|
|
|
2021-12-03 03:01:39 +00:00
|
|
|
$r = null;
|
|
|
|
$c = null;
|
|
|
|
$x = null;
|
2012-10-29 01:50:35 +00:00
|
|
|
|
2021-12-03 03:01:39 +00:00
|
|
|
$channel_checked = false;
|
|
|
|
$onsite_checked = false;
|
|
|
|
$abook_checked = false;
|
2012-10-29 01:50:35 +00:00
|
|
|
|
2021-12-03 03:01:39 +00:00
|
|
|
$ret = [];
|
2016-07-10 04:08:02 +00:00
|
|
|
|
2021-12-03 03:01:39 +00:00
|
|
|
$abperms = (($uid && $observer_xchan) ? get_abconfig($uid, $observer_xchan, 'system', 'my_perms', '') : '');
|
2012-10-29 01:50:35 +00:00
|
|
|
|
2021-12-03 03:01:39 +00:00
|
|
|
foreach ($global_perms as $perm_name => $permission) {
|
|
|
|
// First find out what the channel owner declared permissions to be.
|
2012-10-29 01:50:35 +00:00
|
|
|
|
2021-12-03 03:01:39 +00:00
|
|
|
$channel_perm = intval(PermissionLimits::Get($uid, $perm_name));
|
2012-10-29 01:50:35 +00:00
|
|
|
|
2021-12-03 03:01:39 +00:00
|
|
|
if (! $channel_checked) {
|
|
|
|
$r = q(
|
|
|
|
"select * from channel where channel_id = %d limit 1",
|
|
|
|
intval($uid)
|
|
|
|
);
|
|
|
|
$channel_checked = true;
|
|
|
|
}
|
2012-10-29 01:50:35 +00:00
|
|
|
|
2021-12-03 03:01:39 +00:00
|
|
|
// The uid provided doesn't exist. This would be a big fail.
|
2012-12-11 04:09:19 +00:00
|
|
|
|
2021-12-03 03:01:39 +00:00
|
|
|
if (! $r) {
|
|
|
|
$ret[$perm_name] = false;
|
|
|
|
continue;
|
|
|
|
}
|
2012-10-29 01:50:35 +00:00
|
|
|
|
2021-12-03 03:01:39 +00:00
|
|
|
// Next we're going to check for blocked or ignored contacts.
|
|
|
|
// These take priority over all other settings.
|
2012-12-11 04:09:19 +00:00
|
|
|
|
2021-12-03 03:01:39 +00:00
|
|
|
if ($observer_xchan) {
|
|
|
|
if ($channel_perm & PERMS_AUTHED) {
|
|
|
|
$ret[$perm_name] = true;
|
|
|
|
continue;
|
|
|
|
}
|
2014-12-07 18:27:14 +00:00
|
|
|
|
2021-12-03 03:01:39 +00:00
|
|
|
if (! $abook_checked) {
|
|
|
|
$x = q(
|
|
|
|
"select abook_blocked, abook_ignored, abook_pending, xchan_network from abook
|
2019-04-06 23:33:49 +00:00
|
|
|
left join xchan on abook_xchan = xchan_hash
|
2015-06-15 04:08:00 +00:00
|
|
|
where abook_channel = %d and abook_xchan = '%s' and abook_self = 0 limit 1",
|
2021-12-03 03:01:39 +00:00
|
|
|
intval($uid),
|
|
|
|
dbesc($observer_xchan)
|
|
|
|
);
|
2012-12-11 04:09:19 +00:00
|
|
|
|
2021-12-03 03:01:39 +00:00
|
|
|
$abook_checked = true;
|
|
|
|
}
|
2014-12-07 18:27:14 +00:00
|
|
|
|
2021-12-06 21:19:19 +00:00
|
|
|
if($channel_perm & PERMS_NETWORK) {
|
|
|
|
if($x && in_array($x[0]['xchan_network'],['nomad','zot6'])) {
|
|
|
|
$ret[$perm_name] = true;
|
|
|
|
continue;
|
|
|
|
}
|
2012-12-11 04:09:19 +00:00
|
|
|
}
|
|
|
|
|
2021-12-03 03:01:39 +00:00
|
|
|
// If they're blocked - they can't read or write
|
2014-07-04 02:34:00 +00:00
|
|
|
|
2021-12-03 03:01:39 +00:00
|
|
|
if (($x) && intval($x[0]['abook_blocked'])) {
|
|
|
|
$ret[$perm_name] = false;
|
|
|
|
continue;
|
|
|
|
}
|
2014-07-04 02:34:00 +00:00
|
|
|
|
2022-11-20 05:28:50 +00:00
|
|
|
// Check if write permission is being ignored
|
2021-12-03 03:01:39 +00:00
|
|
|
// This flag is only visible internally.
|
2012-12-11 04:09:19 +00:00
|
|
|
|
2021-12-03 03:01:39 +00:00
|
|
|
$blocked_anon_perms = Permissions::BlockedAnonPerms();
|
2019-06-08 23:53:05 +00:00
|
|
|
|
|
|
|
|
2021-12-03 03:01:39 +00:00
|
|
|
if (($x) && ($default_ignored) && in_array($perm_name, $blocked_anon_perms) && intval($x[0]['abook_ignored'])) {
|
|
|
|
$ret[$perm_name] = false;
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
}
|
2012-10-29 01:50:35 +00:00
|
|
|
|
2021-12-03 03:01:39 +00:00
|
|
|
// Check if this $uid is actually the $observer_xchan - if it's your content
|
|
|
|
// you always have permission to do anything
|
|
|
|
// if you've moved elsewhere, you will only have read only access
|
|
|
|
|
|
|
|
if (($observer_xchan) && ($r[0]['channel_hash'] === $observer_xchan)) {
|
|
|
|
if ($r[0]['channel_moved'] && (in_array($perm_name, $blocked_anon_perms))) {
|
|
|
|
$ret[$perm_name] = false;
|
|
|
|
} else {
|
|
|
|
$ret[$perm_name] = true;
|
|
|
|
}
|
|
|
|
// moderated is a negative permission, don't moderate your own posts
|
|
|
|
if ($perm_name === 'moderated') {
|
|
|
|
$ret[$perm_name] = false;
|
|
|
|
}
|
|
|
|
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Anybody at all (that wasn't blocked or ignored). They have permission.
|
2012-12-11 04:09:19 +00:00
|
|
|
|
2021-12-03 03:01:39 +00:00
|
|
|
if ($channel_perm & PERMS_PUBLIC) {
|
|
|
|
$ret[$perm_name] = true;
|
|
|
|
continue;
|
|
|
|
}
|
2012-10-29 01:50:35 +00:00
|
|
|
|
2021-12-03 03:01:39 +00:00
|
|
|
// From here on out, we need to know who they are. If we can't figure it
|
|
|
|
// out, permission is denied.
|
2012-10-29 01:50:35 +00:00
|
|
|
|
2021-12-03 03:01:39 +00:00
|
|
|
if (! $observer_xchan) {
|
|
|
|
$ret[$perm_name] = false;
|
|
|
|
continue;
|
|
|
|
}
|
2012-10-29 01:50:35 +00:00
|
|
|
|
2021-12-03 03:01:39 +00:00
|
|
|
// If we're still here, we have an observer, check the network.
|
2012-10-29 01:50:35 +00:00
|
|
|
|
2021-12-03 03:01:39 +00:00
|
|
|
if ($channel_perm & PERMS_NETWORK) {
|
|
|
|
if ($x && $x[0]['xchan_network'] === 'zot6') {
|
|
|
|
$ret[$perm_name] = true;
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
}
|
2012-10-29 01:50:35 +00:00
|
|
|
|
2021-12-03 03:01:39 +00:00
|
|
|
// If PERMS_SITE is specified, find out if they've got an account on this hub
|
2012-10-29 01:50:35 +00:00
|
|
|
|
2021-12-03 03:01:39 +00:00
|
|
|
if ($channel_perm & PERMS_SITE) {
|
|
|
|
if (! $onsite_checked) {
|
|
|
|
$c = q(
|
|
|
|
"select channel_hash from channel where channel_hash = '%s' limit 1",
|
|
|
|
dbesc($observer_xchan)
|
|
|
|
);
|
2012-10-29 01:50:35 +00:00
|
|
|
|
2021-12-03 03:01:39 +00:00
|
|
|
$onsite_checked = true;
|
|
|
|
}
|
2012-10-29 01:50:35 +00:00
|
|
|
|
2021-12-03 03:01:39 +00:00
|
|
|
if ($c) {
|
|
|
|
$ret[$perm_name] = true;
|
|
|
|
} else {
|
|
|
|
$ret[$perm_name] = false;
|
|
|
|
}
|
2014-06-17 07:26:18 +00:00
|
|
|
|
2021-12-03 03:01:39 +00:00
|
|
|
continue;
|
|
|
|
}
|
2013-06-15 22:45:54 +00:00
|
|
|
|
2021-12-03 03:01:39 +00:00
|
|
|
// From here on we require that the observer be a connection and
|
|
|
|
// handle whether we're allowing any, approved or specific ones
|
2014-06-17 07:26:18 +00:00
|
|
|
|
2021-12-03 03:01:39 +00:00
|
|
|
if (! $x) {
|
2022-04-17 08:21:18 +00:00
|
|
|
// deliver_stream is assumed to be permitted unles it is prohibited for specific connections.
|
|
|
|
if ($perm_name === 'deliver_stream') {
|
2024-04-27 03:16:59 +00:00
|
|
|
$ret[$perm_name] = true;
|
2022-04-17 08:21:18 +00:00
|
|
|
}
|
2024-05-01 10:22:59 +00:00
|
|
|
else {
|
|
|
|
$ret[$perm_name] = false;
|
|
|
|
}
|
2021-12-03 03:01:39 +00:00
|
|
|
continue;
|
|
|
|
}
|
2012-10-29 01:50:35 +00:00
|
|
|
|
2021-12-03 03:01:39 +00:00
|
|
|
// They are in your address book, but haven't been approved
|
2012-10-29 01:50:35 +00:00
|
|
|
|
2021-12-03 03:01:39 +00:00
|
|
|
if ($channel_perm & PERMS_PENDING) {
|
|
|
|
$ret[$perm_name] = true;
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (intval($x[0]['abook_pending'])) {
|
|
|
|
$ret[$perm_name] = false;
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
// They're a contact, so they have permission
|
|
|
|
|
|
|
|
if ($channel_perm & PERMS_CONTACTS) {
|
|
|
|
$ret[$perm_name] = true;
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Permission granted to certain channels. Let's see if the observer is one of them
|
|
|
|
|
|
|
|
if ($channel_perm & PERMS_SPECIFIC) {
|
|
|
|
if ($abperms) {
|
|
|
|
$arr = explode(',', $abperms);
|
|
|
|
if ($arr) {
|
|
|
|
if (in_array($perm_name, $arr)) {
|
|
|
|
$ret[$perm_name] = true;
|
|
|
|
} else {
|
|
|
|
$ret[$perm_name] = false;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// No permissions allowed.
|
|
|
|
|
|
|
|
$ret[$perm_name] = false;
|
|
|
|
}
|
|
|
|
|
2022-11-20 05:28:50 +00:00
|
|
|
$arr = [
|
2021-12-03 03:01:39 +00:00
|
|
|
'channel_id' => $uid,
|
|
|
|
'observer_hash' => $observer_xchan,
|
2022-11-20 05:28:50 +00:00
|
|
|
'permissions' => $ret];
|
2021-12-03 03:01:39 +00:00
|
|
|
|
2022-02-12 08:50:48 +00:00
|
|
|
Hook::call('get_all_perms', $arr);
|
2021-12-03 03:01:39 +00:00
|
|
|
|
|
|
|
return $arr['permissions'];
|
2012-10-29 01:50:35 +00:00
|
|
|
}
|
|
|
|
|
2014-12-07 18:27:14 +00:00
|
|
|
/**
|
|
|
|
* @brief Checks if given permission is allowed for given observer on a channel.
|
|
|
|
*
|
|
|
|
* Checks if the given observer with the hash $observer_xchan has permission
|
|
|
|
* $permission on channel_id $uid.
|
|
|
|
*
|
|
|
|
* @param int $uid The channel_id associated with the resource owner
|
|
|
|
* @param string $observer_xchan The xchan_hash representing the observer
|
|
|
|
* @param string $permission
|
2018-07-31 00:41:37 +00:00
|
|
|
* if false bypass check for "Block Public" at the site level
|
2014-12-07 18:27:14 +00:00
|
|
|
* @return bool true if permission is allowed for observer on channel
|
|
|
|
*/
|
2022-11-20 05:28:50 +00:00
|
|
|
function perm_is_allowed($uid, $observer_xchan, $permission)
|
2021-12-03 03:01:39 +00:00
|
|
|
{
|
|
|
|
|
|
|
|
$api = App::get_oauth_key();
|
|
|
|
if ($api) {
|
|
|
|
return api_perm_is_allowed($uid, $api, $permission);
|
|
|
|
}
|
|
|
|
|
|
|
|
$arr = [
|
|
|
|
'channel_id' => $uid,
|
|
|
|
'observer_hash' => $observer_xchan,
|
|
|
|
'permission' => $permission,
|
|
|
|
'result' => 'unset'
|
|
|
|
];
|
|
|
|
|
2022-02-12 08:50:48 +00:00
|
|
|
Hook::call('perm_is_allowed', $arr);
|
2021-12-03 03:01:39 +00:00
|
|
|
if ($arr['result'] !== 'unset') {
|
|
|
|
return $arr['result'];
|
|
|
|
}
|
|
|
|
|
|
|
|
// First find out what the channel owner declared permissions to be.
|
|
|
|
|
|
|
|
$channel_perm = PermissionLimits::Get($uid, $permission);
|
|
|
|
if ($channel_perm === false) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
$r = q(
|
|
|
|
"select channel_pageflags, channel_moved, channel_hash from channel where channel_id = %d limit 1",
|
|
|
|
intval($uid)
|
|
|
|
);
|
|
|
|
if (! $r) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
$blocked_anon_perms = Permissions::BlockedAnonPerms();
|
|
|
|
|
|
|
|
if ($observer_xchan) {
|
|
|
|
if ($channel_perm & PERMS_AUTHED) {
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
$x = q(
|
|
|
|
"select abook_blocked, abook_ignored, abook_pending, xchan_network from abook left join xchan on abook_xchan = xchan_hash
|
|
|
|
where abook_channel = %d and abook_xchan = '%s' and abook_self = 0 limit 1",
|
|
|
|
intval($uid),
|
|
|
|
dbesc($observer_xchan)
|
|
|
|
);
|
2016-07-10 02:03:29 +00:00
|
|
|
|
2021-12-03 03:01:39 +00:00
|
|
|
// If they're blocked - they can't read or write
|
2016-07-10 02:03:29 +00:00
|
|
|
|
2021-12-03 03:01:39 +00:00
|
|
|
if (($x) && intval($x[0]['abook_blocked'])) {
|
|
|
|
return false;
|
|
|
|
}
|
2014-02-19 04:59:25 +00:00
|
|
|
|
2021-12-03 03:01:39 +00:00
|
|
|
if (($x) && in_array($permission, $blocked_anon_perms) && intval($x[0]['abook_ignored'])) {
|
|
|
|
return false;
|
|
|
|
}
|
2014-12-07 18:27:14 +00:00
|
|
|
|
2021-12-03 03:01:39 +00:00
|
|
|
$abperms = get_abconfig($uid, $observer_xchan, 'system', 'my_perms', '');
|
|
|
|
}
|
2012-12-11 04:09:19 +00:00
|
|
|
|
2021-12-03 03:01:39 +00:00
|
|
|
// Check if this $uid is actually the $observer_xchan
|
|
|
|
// you will have full access unless the channel was moved -
|
|
|
|
// in which case you will have read_only access
|
2012-10-29 01:50:35 +00:00
|
|
|
|
2021-12-03 03:01:39 +00:00
|
|
|
if ($r[0]['channel_hash'] === $observer_xchan) {
|
|
|
|
// moderated is a negative permission
|
|
|
|
if ($permission === 'moderated') {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
if ($r[0]['channel_moved'] && (in_array($permission, $blocked_anon_perms))) {
|
|
|
|
return false;
|
|
|
|
} else {
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
}
|
2012-10-29 01:50:35 +00:00
|
|
|
|
2021-12-03 03:01:39 +00:00
|
|
|
if ($channel_perm & PERMS_PUBLIC) {
|
|
|
|
return true;
|
|
|
|
}
|
2012-11-02 05:23:13 +00:00
|
|
|
|
2021-12-03 03:01:39 +00:00
|
|
|
// If it's an unauthenticated observer, we only need to see if PERMS_PUBLIC is set
|
2012-10-29 01:50:35 +00:00
|
|
|
|
2021-12-03 03:01:39 +00:00
|
|
|
if (! $observer_xchan) {
|
|
|
|
return false;
|
|
|
|
}
|
2012-10-29 01:50:35 +00:00
|
|
|
|
2021-12-03 03:01:39 +00:00
|
|
|
// If we're still here, we have an observer, check the network.
|
2012-10-29 01:50:35 +00:00
|
|
|
|
2021-03-17 01:59:56 +00:00
|
|
|
if ($channel_perm & PERMS_NETWORK) {
|
2021-10-28 08:55:09 +00:00
|
|
|
if ($x && in_array($x[0]['xchan_network'],['nomad','zot6'])) {
|
2014-04-09 23:30:03 +00:00
|
|
|
return true;
|
2021-03-17 01:59:56 +00:00
|
|
|
}
|
2014-04-09 23:30:03 +00:00
|
|
|
}
|
2012-10-29 01:50:35 +00:00
|
|
|
|
2021-12-03 03:01:39 +00:00
|
|
|
// If PERMS_SITE is specified, find out if they've got an account on this hub
|
2012-10-29 01:50:35 +00:00
|
|
|
|
2021-12-03 03:01:39 +00:00
|
|
|
if ($channel_perm & PERMS_SITE) {
|
|
|
|
$c = q(
|
|
|
|
"select channel_hash from channel where channel_hash = '%s' limit 1",
|
|
|
|
dbesc($observer_xchan)
|
|
|
|
);
|
|
|
|
if ($c) {
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
return false;
|
|
|
|
}
|
2014-06-17 07:26:18 +00:00
|
|
|
|
2021-12-03 03:01:39 +00:00
|
|
|
// From here on we require that the observer be a connection and
|
|
|
|
// handle whether we're allowing any, approved or specific ones
|
2012-10-29 01:50:35 +00:00
|
|
|
|
2021-12-03 03:01:39 +00:00
|
|
|
if (! $x) {
|
2022-04-17 08:21:18 +00:00
|
|
|
// The deliver_stream permission is only evaluated for connections.
|
|
|
|
// It is only used to prune the delivery list of any connections that are
|
2022-11-20 05:28:50 +00:00
|
|
|
// followers-only, and we specifically don't want to send stuff to.
|
2022-04-17 08:21:18 +00:00
|
|
|
// It returns true for anybody not connected.
|
|
|
|
if ($permission === 'deliver_stream') {
|
|
|
|
return true;
|
|
|
|
}
|
2021-12-03 03:01:39 +00:00
|
|
|
return false;
|
|
|
|
}
|
2012-10-29 01:50:35 +00:00
|
|
|
|
2021-12-03 03:01:39 +00:00
|
|
|
// They are in your address book, but haven't been approved
|
2014-06-17 07:26:18 +00:00
|
|
|
|
2021-12-03 03:01:39 +00:00
|
|
|
if ($channel_perm & PERMS_PENDING) {
|
|
|
|
return true;
|
|
|
|
}
|
2014-06-17 07:26:18 +00:00
|
|
|
|
2021-12-03 03:01:39 +00:00
|
|
|
if (intval($x[0]['abook_pending'])) {
|
|
|
|
return false;
|
|
|
|
}
|
2013-06-15 22:45:54 +00:00
|
|
|
|
2021-12-03 03:01:39 +00:00
|
|
|
// They're a contact, so they have permission
|
2014-06-17 07:26:18 +00:00
|
|
|
|
2021-12-03 03:01:39 +00:00
|
|
|
if ($channel_perm & PERMS_CONTACTS) {
|
|
|
|
return true;
|
|
|
|
}
|
2012-10-29 01:50:35 +00:00
|
|
|
|
2021-12-03 03:01:39 +00:00
|
|
|
// Permission granted to certain channels. Let's see if the observer is one of them
|
2012-10-29 01:50:35 +00:00
|
|
|
|
2022-11-20 05:28:50 +00:00
|
|
|
if ($channel_perm & PERMS_SPECIFIC) {
|
2021-12-03 03:01:39 +00:00
|
|
|
if ($abperms) {
|
|
|
|
$arr = explode(',', $abperms);
|
|
|
|
if ($arr) {
|
|
|
|
if (in_array($permission, $arr)) {
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return false;
|
|
|
|
}
|
2012-10-29 01:50:35 +00:00
|
|
|
|
2021-12-03 03:01:39 +00:00
|
|
|
// No permissions allowed.
|
2012-10-29 01:50:35 +00:00
|
|
|
|
2021-12-03 03:01:39 +00:00
|
|
|
return false;
|
2012-10-29 01:50:35 +00:00
|
|
|
}
|
|
|
|
|
2021-12-03 03:01:39 +00:00
|
|
|
function get_all_api_perms($uid, $api)
|
|
|
|
{
|
|
|
|
|
|
|
|
$global_perms = Permissions::Perms();
|
|
|
|
|
|
|
|
$ret = [];
|
|
|
|
|
|
|
|
$r = q(
|
|
|
|
"select * from xperm where xp_client = '%s' and xp_channel = %d",
|
|
|
|
dbesc($api),
|
|
|
|
intval($uid)
|
|
|
|
);
|
|
|
|
|
|
|
|
if (! $r) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
$allow_all = false;
|
|
|
|
$allowed = [];
|
|
|
|
foreach ($r as $rr) {
|
|
|
|
if ($rr['xp_perm'] === 'all') {
|
|
|
|
$allow_all = true;
|
|
|
|
}
|
|
|
|
if (! in_array($rr['xp_perm'], $allowed)) {
|
|
|
|
$allowed[] = $rr['xp_perm'];
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
foreach ($global_perms as $perm_name => $permission) {
|
|
|
|
if ($allow_all || in_array($perm_name, $allowed)) {
|
|
|
|
$ret[$perm_name] = true;
|
|
|
|
} else {
|
|
|
|
$ret[$perm_name] = false;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-11-20 05:28:50 +00:00
|
|
|
$arr = [
|
2021-12-03 03:01:39 +00:00
|
|
|
'channel_id' => $uid,
|
2022-08-14 09:20:43 +00:00
|
|
|
'observer_hash' => get_observer_hash(),
|
2022-11-20 05:28:50 +00:00
|
|
|
'permissions' => $ret];
|
2021-12-03 03:01:39 +00:00
|
|
|
|
2022-02-12 08:50:48 +00:00
|
|
|
Hook::call('get_all_api_perms', $arr);
|
2021-12-03 03:01:39 +00:00
|
|
|
|
|
|
|
return $arr['permissions'];
|
2015-05-18 01:14:50 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2021-12-03 03:01:39 +00:00
|
|
|
function api_perm_is_allowed($uid, $api, $permission)
|
|
|
|
{
|
2015-05-18 01:14:50 +00:00
|
|
|
|
2022-11-20 05:28:50 +00:00
|
|
|
$arr = [
|
2021-12-03 03:01:39 +00:00
|
|
|
'channel_id' => $uid,
|
2022-08-14 09:20:43 +00:00
|
|
|
'observer_hash' => get_observer_hash(),
|
2021-12-03 03:01:39 +00:00
|
|
|
'permission' => $permission,
|
|
|
|
'result' => false
|
2022-11-20 05:28:50 +00:00
|
|
|
];
|
2015-05-18 01:14:50 +00:00
|
|
|
|
2022-02-12 08:50:48 +00:00
|
|
|
Hook::call('api_perm_is_allowed', $arr);
|
2021-12-03 03:01:39 +00:00
|
|
|
if ($arr['result']) {
|
|
|
|
return true;
|
|
|
|
}
|
2015-05-18 01:14:50 +00:00
|
|
|
|
2021-12-03 03:01:39 +00:00
|
|
|
$r = q(
|
|
|
|
"select * from xperm where xp_client = '%s' and xp_channel = %d and ( xp_perm = 'all' OR xp_perm = '%s' )",
|
|
|
|
dbesc($api),
|
|
|
|
intval($uid),
|
|
|
|
dbesc($permission)
|
|
|
|
);
|
2015-05-18 01:14:50 +00:00
|
|
|
|
2021-12-03 03:01:39 +00:00
|
|
|
if (! $r) {
|
|
|
|
return false;
|
|
|
|
}
|
2015-05-18 01:14:50 +00:00
|
|
|
|
2021-12-03 03:01:39 +00:00
|
|
|
foreach ($r as $rr) {
|
|
|
|
if ($rr['xp_perm'] === 'all' || $rr['xp_perm'] === $permission) {
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
}
|
2015-05-18 01:14:50 +00:00
|
|
|
|
2021-12-03 03:01:39 +00:00
|
|
|
return false;
|
2015-05-18 01:14:50 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2012-10-29 01:50:35 +00:00
|
|
|
|
2013-01-14 02:35:12 +00:00
|
|
|
// Check a simple array of observers against a permissions
|
|
|
|
// return a simple array of those with permission
|
|
|
|
|
2021-12-03 03:01:39 +00:00
|
|
|
function check_list_permissions($uid, $arr, $perm)
|
|
|
|
{
|
|
|
|
$result = [];
|
|
|
|
if ($arr) {
|
|
|
|
foreach ($arr as $x) {
|
|
|
|
if (perm_is_allowed($uid, $x, $perm)) {
|
|
|
|
$result[] = $x;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return($result);
|
2013-01-14 02:35:12 +00:00
|
|
|
}
|
2012-10-29 01:50:35 +00:00
|
|
|
|
2022-05-12 21:14:08 +00:00
|
|
|
function check_deliver_permissions($uid, $arr)
|
|
|
|
{
|
|
|
|
$result = [];
|
|
|
|
// Find actors we are not delivering to.
|
2022-05-25 09:39:34 +00:00
|
|
|
$r = q("select * from abconfig where chan = %d and cat = 'system' and k = 'my_perms' and v not like '%%deliver_stream%%'",
|
2022-05-12 21:14:08 +00:00
|
|
|
intval($uid)
|
|
|
|
);
|
2024-05-11 02:20:32 +00:00
|
|
|
$willNotSend = ids_to_array($r,'xchan');
|
|
|
|
|
|
|
|
// Find actors accepting our posts
|
2024-05-18 20:27:31 +00:00
|
|
|
|
2024-05-11 02:20:32 +00:00
|
|
|
$r = q("select * from abconfig where chan = %d and cat = 'system' and k = 'their_perms' and v like '%%send_stream%%'",
|
|
|
|
intval($uid)
|
|
|
|
);
|
|
|
|
$theyAccept = ids_to_array($r, 'xchan');
|
2022-05-12 21:14:08 +00:00
|
|
|
|
|
|
|
// Filter the recipient list accordingly.
|
|
|
|
if ($arr) {
|
|
|
|
foreach ($arr as $x) {
|
2024-05-18 20:27:31 +00:00
|
|
|
$accepting = $deliverable = false;
|
|
|
|
if (in_array($x, $theyAccept)) {
|
|
|
|
$accepting = true;
|
|
|
|
}
|
|
|
|
if (!in_array($x,$willNotSend)) {
|
|
|
|
$deliverable = true;
|
|
|
|
}
|
|
|
|
if ($deliverable && !$accepting) {
|
|
|
|
// Groups don't generally provide send_stream permission as they aren't really following you,
|
|
|
|
// but they do allow you to send them group targeted posts.
|
|
|
|
$r = q("select xchan_hash from xchan where xchan_hash = '%s' and xchan_type = %d ",
|
|
|
|
dbesc($x),
|
|
|
|
intval(XCHAN_TYPE_GROUP)
|
|
|
|
);
|
|
|
|
if ($r) {
|
|
|
|
$result[] = $x;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if ($deliverable && $accepting) {
|
2022-05-12 21:14:08 +00:00
|
|
|
$result[] = $x;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return($result);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2014-12-07 18:27:14 +00:00
|
|
|
/**
|
|
|
|
* @brief Sets site wide default permissions.
|
|
|
|
*
|
|
|
|
* @return array
|
|
|
|
*/
|
2021-12-03 03:01:39 +00:00
|
|
|
function site_default_perms()
|
|
|
|
{
|
|
|
|
|
|
|
|
$ret = [];
|
|
|
|
|
2022-11-20 05:28:50 +00:00
|
|
|
$typical = [
|
2021-12-03 03:01:39 +00:00
|
|
|
'view_stream' => PERMS_PUBLIC,
|
2022-05-05 23:53:36 +00:00
|
|
|
'deliver_stream'=> PERMS_SPECIFIC,
|
2021-12-03 03:01:39 +00:00
|
|
|
'view_profile' => PERMS_PUBLIC,
|
|
|
|
'view_contacts' => PERMS_PUBLIC,
|
|
|
|
'view_storage' => PERMS_PUBLIC,
|
|
|
|
'view_pages' => PERMS_PUBLIC,
|
|
|
|
'view_wiki' => PERMS_PUBLIC,
|
|
|
|
'send_stream' => PERMS_SPECIFIC,
|
|
|
|
'post_wall' => PERMS_SPECIFIC,
|
|
|
|
'post_comments' => PERMS_SPECIFIC,
|
|
|
|
'post_mail' => PERMS_SPECIFIC,
|
|
|
|
'tag_deliver' => PERMS_SPECIFIC,
|
|
|
|
'chat' => PERMS_SPECIFIC,
|
|
|
|
'write_storage' => PERMS_SPECIFIC,
|
|
|
|
'write_pages' => PERMS_SPECIFIC,
|
|
|
|
'write_wiki' => PERMS_SPECIFIC,
|
|
|
|
'delegate' => PERMS_SPECIFIC,
|
|
|
|
'post_like' => PERMS_NETWORK
|
2022-11-20 05:28:50 +00:00
|
|
|
];
|
2021-12-03 03:01:39 +00:00
|
|
|
|
|
|
|
$global_perms = Permissions::Perms();
|
|
|
|
|
|
|
|
foreach ($global_perms as $perm => $v) {
|
|
|
|
$x = get_config('default_perms', $perm, $typical[$perm]);
|
|
|
|
$ret[$perm] = $x;
|
|
|
|
}
|
|
|
|
|
|
|
|
return $ret;
|
2013-08-19 03:20:03 +00:00
|
|
|
}
|
2014-08-18 05:53:00 +00:00
|
|
|
|
|
|
|
|
2021-12-03 03:01:39 +00:00
|
|
|
function their_perms_contains($channel_id, $xchan_hash, $perm)
|
|
|
|
{
|
|
|
|
$x = get_abconfig($channel_id, $xchan_hash, 'system', 'their_perms');
|
|
|
|
if ($x) {
|
|
|
|
$y = explode(',', $x);
|
|
|
|
if (in_array($perm, $y)) {
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return false;
|
2018-10-25 06:00:30 +00:00
|
|
|
}
|
|
|
|
|
2021-12-03 03:01:39 +00:00
|
|
|
function my_perms_contains($channel_id, $xchan_hash, $perm)
|
|
|
|
{
|
|
|
|
$x = get_abconfig($channel_id, $xchan_hash, 'system', 'my_perms');
|
|
|
|
if ($x) {
|
|
|
|
$y = explode(',', $x);
|
|
|
|
if (in_array($perm, $y)) {
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return false;
|
|
|
|
}
|